Collecting Active Roles logs centrally using the syslog-ng Windows Agent
One Identity Active Roles allows you to easily and securely manage Active Directory (AD), Entra ID and M365 Identity objects. While Active Roles stores its log messages in Windows Event Log, most log management and log analytics applications expect to receive log messages over the syslog protocol. This is where syslog-ng Premium Edition (PE) can help you. The syslog-ng Windows Agent can collect and forward Active Roles log messages from Windows Event Log, while the syslog-ng server can collect, process, store and forward Active Roles log messages to multiple destinations.
Installing syslog-ng PE together with Active Roles has many advantages, one of which is central log collection. This means that you do not have to log in to individual hosts to check logs, but instead can view logs from every host in a single location. This also enhances security, as logs are available even when they disappear from the original location due to a hardware failure or security incident.
In this blog, you can learn how to configure the syslog-ng Windows Agent to collect and forward Active Roles log messages from Windows Event Log, and how to parse and store the incoming log messages on the syslog-ng server side.
Read the rest at https://www.syslog-ng.com/community/b/blog/posts/collecting-active-roles-logs-centrally-using-the-syslog-ng-windows-agent
